By manishs from Slashdot's security-woes department: Reader Orome1 writes: For the last few years, researchers from Ben-Gurion University of the Negev have been testing new ways to exfiltrate data from air-gapped computers: via mobile phones, using radio frequencies ("AirHopper"); using heat ("BitWhisper"), using rogue software ("GSMem") that modulates and transmits electromagnetic signals at cellular frequencies. The latest version of the data-exfiltration attack against air-gapped computers involves the machine's fans. Dubbed "Fansmitter," the attack can come in handy when the computer does not have speakers, and so attackers can't use acoustic channels to get the info. An anonymous reader adds: Malicious applications use the noise emanated by a computer fan's speed to relay information to a nearby recording device and steal data from air-gapped, isolated systems. The attack relies on selecting a fan speed to represent binary "1" and another for binary "0". A specially crafted malware can alter the CPU, GPU or chassis fan speed between these two frequencies and provide a method to relay data from infected systems. Attackers can then place microphones or smartphones to record the sound coming from the infected machine and steal the data. The attack works for distances of one to four meters, and operates in the 100-600 Hz frequency that can be picked up by the human ear. Choosing smaller fan speeds or fan speeds that are closer together can make the attack harder to pick up by a human, but also makes it susceptible to background noise.

By BeauHD from Slashdot's password123 department: chicksdaddy writes from a report via The Security Ledger: Hospitals are pretty hygienic places -- except when it comes to passwords, it seems. That's the conclusion of a recent study by researchers at Dartmouth College, the University of Pennsylvania and USC, which found that efforts to circumvent password protections are "endemic" in healthcare environments and mostly go unnoticed by hospital IT staff. The report describes what can only be described as wholesale abandonment of security best practices at hospitals and other clinical environments -- with the bad behavior being driven by necessity rather than malice. "In hospital after hospital and clinic after clinic, we find users write down passwords everywhere," the report reads. "Sticky notes form sticky stalagmites on medical devices and in medication preparation rooms. We've observed entire hospital units share a password to a medical device, where the password is taped onto the device. We found emergency room supply rooms with locked doors where the lock code was written on the door -- no one wanted to prevent a clinician from obtaining emergency supplies because they didn't remember the code." Competing priorities of clinical staff and information technology staff bear much of the blame. Specifically: IT staff and management are often focused on regulatory compliance and securing healthcare environments. They are excoriated for lapses in security that result in the theft or loss of data. Clinical staff, on the other hand, are focused on patient care and ensuring good health outcomes, Ross Koppel, one of the authors of the report, told The Security Ledger. Those two competing goals often clash. "IT want to be good guys. They're not out to make life miserable for the clinical staff, but they often do," he said.

By BeauHD from Slashdot's time-to-throw-in-the-towel department: AchilleTalon writes: BlackBerry CEO John Chen refuses to give up on the company's hardware business despite lackluster sales of its first Android-powered smartphone, the Priv. The Canadian smartphone maker reported a $670 million net loss in the first quarter of its 2017 financial year, but said its recovery plan for the year remains on track. Chen, who has stated the company's No. 1 goal is to make its smartphone device business profitable this fiscal year, said he expects the company's new mobility solutions segment to break even or record a slight profit during the third quarter, which ends Nov. 30, 2016. During BlackBerry's first quarter -- second full quarter to include Priv sales -- the company sold roughly 500,000 devices at an average price of $290 each, he said, which is about 100,000 smartphones fewer than the previous quarter and about 200,000 fewer than two quarters earlier. Previously, the company said it needs to sell about three million phones at an average of $300 each to break even, though Chen indicated that may change as the software licensing business starts to contribute to revenue.

By BeauHD from Slashdot's historic-referendum department: An anonymous reader quotes a report from the BBC: The UK has voted by 52% to 48% to leave the European Union after 43 years in a historic referendum, a BBC forecast suggests. London and Scotland voted strongly to stay in the EU but the remain vote has been undermined by poor results in the north of England. Voters in Wales and the English shires have backed Brexit in large numbers. The referendum turnout was 71.8% -- with more than 30 million people voting -- the highest turnout since 1992. London has voted to stay in the EU by around 60% to 40%. However, no other region of England has voted in favor of remaining. Britain would be the first country to leave the EU since its formation -- but a leave vote will not immediately mean Britain ceases to be a member of the 28-nation bloc. That process could take a minimum of two years, with Leave campaigners suggesting during the referendum campaign that it should not be completed until 2020 -- the date of the next scheduled general election. The prime minister will have to decide when to trigger Article 50 of the Lisbon Treaty, which would give the UK two years to negotiate its withdrawal. Once Article 50 has been triggered a country cannot rejoin without the consent of all member states. British Prime Minister David Cameron is under pressure to resign as a result of the decision. UK Independence Party (UKIP) leader Nigel Farage called on him to quit "immediately." One labor source said, "If we vote to leave, Cameron should seriously consider his position." Several pro-Leave Conservatives including Boris Johnson and Michael Gove have signed a letter to Mr. Cameron urging him to stay no matter the decision. Mr. Cameron did say he would trigger Article 50 as soon as possible after a leave vote.

By BeauHD from Slashdot's out-with-the-old-in-with-the-new department: An anonymous reader writes: Apple has officially told several news sites that it plans to discontinue the Thunderbolt Display, which has been available online and in Apple retail stores since it was first introduced in 2011. "We're discontinuing the Apple Thunderbolt Display. It will be available through Apple.com, Apple's retail stores and Apple Authorized Resellers while supplies last. There are a number of great third-party options available for Mac users," said an Apple spokesperson. Rumors suggest that Apple will launch a new version of its Thunderbolt monitor later this year, featuring an upgraded 5K resolution and discrete GPU. The new Thunderbolt Display may even launch alongside next-generation Skylake Retina MacBook Pros, which too are rumored to be released later this year. fyngyrz writes: So, bought into the whole Thunderbolt monitor thing from Apple? Might want to collect a few right now, while you still can. It appears that the Thunderbolt monitor is going the way of the analog [headphone] jack over at Apple. Isn't it fun to be part of an unsuccessful experiment?

By BeauHD from Slashdot's no-such-thing-as-bad-publicity department: An anonymous reader writes from a report via The Consumerist: Consumerist reader Robert is fighting with Comcast over a $1,775 early termination fee that should not have been assessed after he tried to cancel his business-tier service with the company. Comcast itself has even admitted that the money should not have been debited from Robert's bank account, but now says it's his responsibility to sort the mess out with his bank. The Consumerist reports: "In an effort to save money in 2014, Robert called to have their service level downgraded to a more affordable rate. Shortly thereafter, correctly believing that he was out of contract, he cancelled his Comcast service. That should have been the end of the story, but only weeks after closing the Comcast account, the boys from Kabletown decided that Robert was not out of contract, debiting $1,775.44 from the checking account tied to the Comcast service. Skip forward to Jan. 2015 -- two months after being told he'd get made whole; still no check. Robert says that when he called Comcast, 'the rep actually laughed when I told her I didn't get a check yet. She said it would take three months.'" Two calls later, one in June 2015 and one in Jan. 2016, Robert still didn't receive the check even after being reassured it was coming. More recently, he received an email from someone at Comcast "Executive Customer Relations," saying: "I understand you're claiming that someone advised you Comcast would send a refund check for the last payment that was debited but this is generally not the way we handle these situations. [...] For your situation, you would have to dispute the payment with your bank." Good news: The Consumerist reached out to Comcast HQ and a Comcast rep wrote back. "More information just came in," reads the email, which explains that an ETF credit was applied to his account in Dec. 2014, but "through some error the refund check never generated." Comcast is reportedly sending the check for real this time.

By BeauHD from Slashdot's spam-folder department: An anonymous reader quotes a report from Ars Technica: Documents recently obtained by the conservative advocacy group Judicial Watch show that in December 2010, then-U.S. Secretary of State Hillary Clinton and her staff were having difficulty communicating with State Department officials by e-mail because spam filters were blocking their messages. To fix the problem, State Department IT turned the filters off -- potentially exposing State's employees to phishing attacks and other malicious e-mails. The mail problems prompted Clinton Chief of Staff Huma Abedin to suggest to Clinton (PDF), "We should talk about putting you on State e-mail or releasing your e-mail address to the department so you are not going to spam." Clinton replied, "Let's get [a] separate address or device but I don't want any risk of the personal [e-mail] being accessible." The mail filter system -- Trend Micro's ScanMail for Exchange 8 -- was apparently causing some messages from Clinton's private server (Clintonemail.com) to not be delivered (PDF). Some were "bounced;" others were accepted by the server but were quarantined and never delivered to the recipient. According to the e-mail thread published yesterday by Judicial Watch, State's IT team turned off both spam and antivirus filters on two "bridgehead" mail relay servers while waiting for a fix from Trend Micro. There was some doubt about whether Trend Micro would address the issue before State performed an upgrade to the latest version of the mail filtering software. A State Department contractor support tech confirmed that two filters needed to be shut off in order to temporarily fix the problem -- a measure that State's IT team took with some trepidation, because the filters had "blocked malicious content in the recent past." It's not clear from the thread that the issue was ever satisfactorily resolved, either with SMEX 8 or SMEX 10.

By BeauHD from Slashdot's contrary-to-popular-belief department: An anonymous reader writes: [Softpedia reports:] "A study from GeoEdge (PDF), an ad scanning vendor, reveals that Flash has been wrongly accused as the root cause of today's malvertising campaigns, but in reality, switching to HTML5 ads won't safeguard users from attacks because the vulnerabilities are in the ad platforms and advertising standards themselves. The company argues that for video ads, the primary root of malvertising is the VAST and VPAID advertising standards. VAST and VPAID are the rules of the game when it comes to online video advertising, defining the road an ad needs to take from the ad's creator to the user's browser. Even if the ad is Flash or HTML5, there are critical points in this ad delivery path where ad creators can alter the ad via JavaScript injections. These same critical points are also there so advertisers or ad networks can feed JavaScript code that fingerprints and tracks users." The real culprit is the ability to send JavaScript code at runtime, and not if the ad is a Flash object, an image or a block of HTML(5) code.

By BeauHD from Slashdot's obnoxious-hacking department: An anonymous reader writes: WatchMojo, one of the most popular channels of YouTube with over 12 million subscribers, has been hacked. Subscribers of one of YouTube's most popular channels, WatchMojo, were greeted with an unusual surprise on Wednesday evening, as a couple of hackers, known only as Obnoxious and Pein, hacked the lineup of the channel's videos. The two hackers then proceeded to rename almost all of WatchMojo's videos with the title "HACKED BY OBNOXIOUS AND PEIN twitter.com/poodlecorp." Since the channel was compromised, the hackers have uploaded two new videos, "Top 5 Facts About the Yakuza," and a video about Neanderthal myths. Apart from these, however, the hackers have not touched anything else on the channel. Though, most of WatchMojo's videos still remain hacked as of writing. The popular channel announced that it is fully aware of the hack. WatchMojo further stated that it has already contacted YouTube about the incident and that it is already starting to fix the changes to its videos.

By BeauHD from Slashdot's revolutionary-design department: An anonymous reader writes: SanDisk has made its iXpand Memory Case to alleviate the problem that Apple creates when they release an iPhone in 2016 with only 16GB of on-board storage. The iXpand Memory Case is an iPhone case with flash storage built directly into the case itself that connects/charges via the Lightning port. You won't need a new phone and you won't need to carry around an extra charging dongle, which is the case for many other third-party cases and accessories. Since Apple doesn't make expanding your storage with third-party devices easy, you will need to download/install the companion SanDisk iXpand Memory Case app on your iPhone, which will automatically back-up your camera roll and password-protect your photos and files. If you need some extra juice, you can spend an extra $40 to receive a 1900mAh battery pack that attaches to the case. The iXpand Memory Case is only available with the iPhone 6 and 6s and is available with 32GB, 64GB, and 128GB of extra flash storage for $59, $99, and $129, respectively. Oh, and of course there are varying color options: Red, Grey, Sky and Mint. Maybe your phone battery is running low (God-forbid it is dead) and you just so happen to be nearby a KFC in Delhi or Mumbai, KFC has you covered. They have introduced a meal box that doubles as a smartphone charger.

By BeauHD from Slashdot's know-your-rights department: An anonymous reader writes: The EFF reports that a federal court in Virginia today ruled that a criminal defendant has no "reasonable expectation of privacy" in his personal computer (PDF), located inside his home. The court says the federal government does not need a warrant to hack into an individual's computer. EFF reports: "The implications for the decision, if upheld, are staggering: law enforcement would be free to remotely search and seize information from your computer, without a warrant, without probable cause, or without any suspicion at all. To say the least, the decision is bad news for privacy. But it's also incorrect as a matter of law, and we expect there is little chance it would hold up on appeal. (It also was not the central component of the judge's decision, which also diminishes the likelihood that it will become reliable precedent.) But the decision underscores a broader trend in these cases: courts across the country, faced with unfamiliar technology and unsympathetic defendants, are issuing decisions that threaten everyone's rights."

By BeauHD from Slashdot's creepiest-thing-you'll-see-all-day department: An anonymous reader writes: Boston Dynamics has shown the world their "fun-sizeified version of their Spot quadruped," the SpotMini robot. It's a quiet, all electric machine that features a googly-eyed face-arm. IEEE Spectrum notes some observations made from watching their YouTube video. First of all, the SpotMini appears to be waterproof and doesn't rely on hydraulics like the other more powerful robots of theirs. The SpotMini is likely operated by a human, and is not autonomous, though the self-righting could be an autonomous behavior. The video appears to show two separate versions of the SpotMini: an undressed and dressed variant (it's hard to tell if the "dressed" variant features differing components/abilities). There is a MultiSense S7 video camera on the front, some other camera-based vision system on the front, a butt-mounted Velodyne VLP-16 system, and what may be a small camera on the face-arm's mouth. One particularly noteworthy observation is that during much of the video, the SpotMini is traversing through a house. In other Boston Dynamics demo videos, the robots are outside. The author of the report says, "[...] it wouldn't surprise me if we're looking at an attempt to make an (relatively) affordable robot that can do practical things for people who aren't in the military."

By manishs from Slashdot's moving-forward department: Tom Randall, reporting for Bloomberg Technology: An experimental cancer treatment that alters the DNA of patients has won a key approval to proceed with its first human tests using the controversial gene-altering tool known as Crispr. Scientists from the University of Pennsylvania want to edit the immune systems of 18 patients to target cancer cells more effectively. The experiment, backed by internet billionaire Sean Parker, won approval from the Recombinant DNA Advisory Committee (RAC), a federal ethics panel set up at the National Institutes of Health 40 years ago to review controversial experiments that change the human genome. The trial still needs final approval from the U.S. Food and Drug Administration. The experiment targets difficult-to-treat cases of multiple myeloma, sarcoma, and melanoma. The scientists will remove blood samples from patients and alter their T-cells -- central to human immune response -- to more effectively target and pursue cancer. The T cells will then be infused back into patients and studied for the safety and effectiveness of the technique. STAT News has an article in which it discusses the probable consequences of altering the DNA of a cancer patient.

By manishs from Slashdot's calling-dibs-with-money-power department: Let's Encrypt is a nonprofit aimed at encrypting the entire web. It provides free certificates, and its service is backed by EFF, Mozilla, Cisco, Akamai and others. Despite it being around for years, security firm Comodo, which, as of 2015, was the largest issuer of SSL certificates with a 33.6% market share on 6.6% of all web domains, last year in October filed for the trademark Let's Encrypt. The team at Let's Encrypt wrote in a blog post today that they have asked Comodo directly to abandon its "Let's Encrypt" applications, but it has refused to do so. The blog post adds: We've forged relationships with millions of websites and users under the name Let's Encrypt, furthering our mission to make encryption free, easy, and accessible to everyone. We've also worked hard to build our unique identity within the community and to make that identity a reliable indicator of quality. We take it very seriously when we see the potential for our users to be confused, or worse, the potential for a third party to damage the trust our users have placed in us by intentionally creating such confusion. By attempting to register trademarks for our name, Comodo is actively attempting to do just that.

By manishs from Slashdot's in-other-news department: Michael Nunez, reporting for Gizmodo: Facebook is adding political scenarios to its orientation training following concerns, first reported by Gizmodo, that workers were suppressing conservative topics in its Trending news section. Sheryl Sandberg, Facebook's chief operating officer, announced the change during an interview with conservative leader Arthur Brooks, president of the prominent conservative think tank the American Enterprise Institute. Brooks also attended a private meeting between Facebook executives and prominent conservative leaders following the controversy. "We had an ex-contractor on that team who accused us of liberal bias," Sandberg said during the interview. "Frankly, it rang true to some people because there is concern that Silicon Valley companies have a liberal bias. We did a thorough investigation, and we didn't find a liberal bias."

By manishs from Slashdot's payback-time department: Reader Khashishi writes: Slashdot has been following the story of Volkswagen manipulating diesel emissions tests for some time now. The control software contained algorithms which reduced emissions during testing but not during normal driving. Well, now Volkswagen has agreed to pay $10.2 billion (alternate source: BBC) to settle the case, according to Associated Press. This is higher than the $430 million damages estimated in this story. It appears that vehicle owners will have the choice of fixing their cars or selling them back. Most of the money will go towards fixing the cars, buying them back, and compensating owners.

By manishs from Slashdot's want-to-learn-coding? department: If you're on the fence on whether or not you should spring for learning how to code, Google is willing to offer a helping hand. The company has partnered with Udacity to offer a nano-degree class designed for people with no programming experience at all. The program costs $199 per month. ZDNet reports: The course material, developed by Google, is hosted on learning platform Udacity and builds on earlier programs such as the Android Nanodegree for Beginners. The basics course takes around four weeks if the student commits six hours a week and upon completion they'll have created two basic apps built in Android Studio. "Google, in partnership with Udacity, is making Android development accessible and understandable to everyone, so that regardless of your background, you can learn to build apps that improve the lives of people around you," Google announced on its developer blog.

By manishs from Slashdot's act-surprised department: According to an investigation by a U.S. Senate, Charter and its new subsidiary Time Warner Cable have been overcharging customers at least $7.2 million per year for equipment and service. Time Warner Cable over-billed customers nationwide an estimated $639,948 between January and April this year. This projects the sum to a yearly total of $1,919,844. Charter admitted that it overbilled its customers by "at least $442,691 per month." A report on BroadcastingCable states: The study found that "Time Warner Cable estimates that, in 2015, it overbilled 40,193 Ohio customers a total of $430,393 and 4,232 Missouri customers a total of $44,152," while "Charter estimates that it has annually overcharged approximately 5,897 Missouri customers a total of $494,000 each year. Charter does not provide service in Ohio." The report also said that Charter and Time Warner Cable have taken steps to correct the situation as a result of the investigation.

By manishs from Slashdot's interesting-moves department: Dan Rys, reporting for Billboard: As streaming continues to consolidate its foothold as a major force in the music-listening community, more and more players are getting into the increasingly crowded space. Today, BitTorrent announced it is adding an ad-supported streaming option to its BitTorrent Bundle offerings, which is officially re-launching as BitTorrent Now. But before anyone thinks the company is throwing its hat into the ring alongside Spotify, Apple Music and Tidal (or even Netflix and Hulu), BitTorrent Now isn't designed as a full-catalog competitor. Rather, its streaming component will be part of the distribution framework established with BitTorrent Bundle in 2013, giving artists who use its direct-to-fan platform the option to allow fans to stream their releases rather than download them. BitTorrent Now is currently available as an app on Android devices, with iOS and Apple TV apps on the horizon "shortly," according to a rep.

By manishs from Slashdot's withering-relationship department: According to a report from The Information, Huawei, the world's third largest smartphone manufacturer, is working on its own mobile operating system (paywalled; alternate source). The report adds that the team that is developing this new operating system includes ex-Nokia employees. The new operating system is "meant as a contingency measure in case Google further tightens its grip on Android or stops offering it to smartphone makers." Additionally, Huawei is also putting efforts into making big changes to EMUI, its Android-based skin. From the report: According to The Information, changes could include the addition of an app drawer, redesigned icons (they're all currently iPhone-like rounded squares), and a new, "very clean, fresh" color palette. EMUI's current color scheme focuses on unusually dingy and muted colors -- grays and browns. Abigail Brody (an ex-Apple designer, which Apple hired last year) is reportedly planning to change these for brighter tones including blues and whites, and is looking to animals like jellyfish for inspiration.